Launchpad.net

CVE 2014-0479

reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitrary commands via vectors related to compare_versions and reportbug/checkversions.py.

Related bugs and status

CVE-2014-0479 (Candidate) is related to these bugs:

Bug #1353046: arbitrary code execution in compare_versions

		In	Importance	Status
1353046	arbitrary code execution in compare_versions	reportbug (Ubuntu)	High	Fix Released
1353046	arbitrary code execution in compare_versions	reportbug (Ubuntu Utopic)	High	Fix Released
1353046	arbitrary code execution in compare_versions	reportbug (Ubuntu Lucid)	Undecided	Won't Fix
1353046	arbitrary code execution in compare_versions	reportbug (Ubuntu Precise)	High	Fix Released
1353046	arbitrary code execution in compare_versions	reportbug (Ubuntu Trusty)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugs.launchpad...
DEBIAN: DSA-2997
BID: 69055
OSVDB: 109858
SECUNIA: 59896
XF: reportbug-cve20140479-...